Solved

SFTP through Cisco PIX on Non-standard Port

Posted on 2008-06-24
Last Modified: 2008-07-07
I configured an SFTP (OpenSSH) server inside my network. It runs on port 3000 (for example).
I set up an access-list on the PIX to allow traffic on port 3000 to my server, but my test laptop on another network gets "connection refused" when trying to connect on that port. I can see the hit-count increasing on that line of the access-list, so I know the traffic is matching.

I think it's a PIX setting? Will the PIX only allow SSH through on the standard port 22?

Thank you,
Question by:jwestbulldog
3 Comments
 

Author Comment

by:jwestbulldog
ID: 21857336
Some clarification:

I can connect to the SSH server from inside the network on port 3000, so that should rule out server settings or bad username/password.
I'm pretty sure it's firewall related - but the access list is set to pass traffic through on port 3000.

Thanks,
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 21857428
 

Accepted Solution

by:
jwestbulldog earned 0 total points
ID: 21859726
Fixed it.
The PIX's xlate table had no entry for the internal server. Pinging OUT from that server created the xlate entry and the incoming SFTP connections started working.
Question has a verified solution.